
Implementing RBAC and Scoping in Microsoft Intune

When you create an Intune tenant within your environment, you execute the creation with an account which is Global Administrator within Azure Active Directory. And in my work as an independent consultant I see a lot of companies which keep using the account with Global Administrator rights to manage their Microsoft Intune environment as well.

While Global Administrator rights might be needed for initially setting up some Azure AD functionality, this is only the case during the setup phase. Once you have implemented your environment, you hardly ever need the Global Administrator rights, and for most tasks they are not needed per se. Think of the Global Administrator rights as an equivalent of the Forest Administrator/Schema Administrator group within Active Directory.

Disclaimer: This post is written on December 4th 2019 and reflects the state of this functionality at that point in time.


Intune: Choosing whether to assign to User or Device Groups

One of the disadvantages of being an experienced consultant in IT is the fact that once in a while you need to re-learn. By re-learn I mean that for some concepts it’s easier to understand how it works if you come from no experience. I’ve experienced this with quite a few Microsoft products as well. If you know the old version, switching to concepts in a new version might not be that easy compared to when you get to know the new version without any prior knowledge.

I also experienced this “challenge” lately when trying to figure out when to assign applications or configuration to either User Groups or Device Groups.


What are Guided Scenarios in Microsoft 365 Device Management/Intune?

While browsing the new Microsoft 365 Device Management portal I noticed the following option: “Guided scenarios (preview)”. From the What’s new in Intune page it seems that this functionality was introduced in the release of October 14th 2019.

Disclaimer: This post is written on October 29th 2019 and reflects the state of this functionality at this point in time.

Guided scenarios (preview) in the Microsoft 365 Device Management Portal

So, what’s a guided scenario, you might ask? Microsoft explains it as follows: “A guided scenario is an end-to-end experience in Intune where you can tackle a big task, in a single workflow. Assemble policies, apps, assignments, and other management objects into a reusable collection that you can deploy as many times as you want.”

Technically, Guided scenarios provide a way to create a policy set based on a scenario, something I already blogged about here: “So what are policy sets?


iOS restore behaviour when re-enrolling devices with backup data into Intune

While implementing Intune at my customers I rarely encounter green field implementations where computers and mobile devices are newly delivered and no data needs to be restored on the device. Most of the time, the devices are already in use and we need to figure out some strategy to deal with the data from the device, before we re-install the device and bring it under management.

For iOS devices I recently did some testing about the possibilities of restoring an iTunes backup to devices which are re-enrolled into Intune, therefore receiving a Management Profile.
